Tag Archives: icloud

Apple updating security for iCloud

After last week’s mass release of nude photos from multiple Hollywood actresses, Apple Inc. announced new security measures to keep user accounts safe.

In an interview with the Wall Street Journal, Chief Executive Tim Cook said hackers were able to brute force into the actresses’ phones by correctly guessing security questions and opening their passwords.

None of the passwords were leaked directly from the company’s servers, he claimed.

Cook says Apple will now alert users through email notifications and allow them to take action immediately when someone moves iCloud data to a new device, logs into an account for the first time, or when changing a password. Apple will start notifying members of the changes in two weeks.

Cook admitted Apple should have done more to make people aware of the dangers of hacking.

“When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece,” Cook said. “I think we have a responsibility to ratchet that up. That’s not really an engineering thing.”

Apple will also increase two-factor authentication, which requires an Apple user to have both a main password and either a separate four-digit one-time code or a long access key purchased with the system in order to unlock the device.

With the feature is turned on, these steps will be needed to to sign into an iTunes account from another device. Two-factor authentication will also be used for iCloud accounts.

Cook claimed that most users don’t have two-factor authentication, so Apple will encourage people to download the newest version of iOS and activate it. If the celebrities already had the system in place, hackers wouldn’t have had an opportunity to guess the correct answers to security questions, Cook said.

Outside security experts critized Apple for made the previous security too easy to hack, in only requiring answers to security questions.

“There’s a well-understood tension between usability and security,” said security researcher Ashkan Soltani to the Wall Street Journal. “More often than not, Apple chooses to err on the side of usability to make it easier for the user that gets locked out from their kid’s baby photos than to employ strong protections for the high-risk individuals.”

The new notifications will only notify users after their devices have been hacked, Soltani claimed.

The company is trying to salvage its reputation ahead of a new product launch announcement next week. Apple is cooperating with federal law enforcement to investigate and prosecute the hackers. The company did not release information on how many users were affected.

Apple begins storing iCloud data in China

China is the world’s most populous country, and one of Apple’s biggest markets. Apple, it was reported this week, has started to keep personal data on servers located in China. This marks the first time that an American technology company has stored user data in China.

The rationale behind the move, according to Apple, is to allow for faster transfer speeds of iCloud data to iOS and Mac users. iCloud allows users to synchronize data between Apple devices, as well as store certain types of data in the cloud. 

Google, one of Apple’s main rivals in China, has refused to store user data on Chinese soil due to censorship and privacy worries.

According to a report out of Reuters, Apple’s iCloud data will be stored on servers that will be provided by China Telecom, one of China’s largest mobile telecom carriers. 

In a statement on Friday, Apple said:

“Apple takes user security and privacy very seriously We have added China Telecom to our list of data center providers to increase bandwidth and improve performance for our customers in mainland china. All data stored with our providers is encrypted. China Telecom does not have access to the content.”

Several sources close to the matter have said that Apple will heavily encrypt the data, and will store the encryption keys off shore. That will make the data unavailable to China Telecom.

Privacy and Security

Security and privacy have long been two of Apple’s main concerns when it comes to online data. The California company has repeatedly stated that they have devised encryption systems for services like iCloud and iMessage that even they themselves cannot break. 

Even with these security measures in place, placing data in China is dangerous according to some analysts. “If they’re making out that the data is protected and secure that’s a little disingenuous because if they want to operate a business here, that’d have to comply with demands from the authorities,” Jeremy Goldkorn said in a statement to Reuters. Goldkorn is the director of Danwei.com, a Chinese research firm.

China is the fastest growing market Apple competes in for both its Macs and iOS devices. Sales of the iPhone were up 50% year over year just this past quarter.

iCloud Keychain: The Latest in Password Management

Imagine you’re shopping online using your MacBook when you get called away from your desk. Later in the day, you’re waiting for an appointment and have a moment to wrap up the task. You pull out your iPhone and pick up where you left off, with the website password and even your credit card number synced securely for your convenience. It’s possible with the new iCloud Keychain.

Amidst the many exciting bits of news that came out of the Apple Worldwide Developer Conference last week was an announcement about the new iCloud Keychain, a password manager for Safari. While it didn’t generate a lot of immediate buzz, this latest development has the potential to significantly impact consumer habits online.

For those of us who utilize iCloud across different Apple devices, the addition of the iCloud Keychain is welcome news. It is yet another way to keep synced and organized, regardless of whether we’re using our MacBooks or our iPads.

iCloud Keychain has a number of remarkable features. It will store and sync website login data, credit card numbers and even preferred Wi-Fi networks and their passwords, across all systems. It can even auto-fill information in online forms.

In an era where we all have more login credentials than we can easily manage, we are scared off the practice of using one password for everything (or even worse, writing our passwords down somewhere.) Yet studies show two thirds of North Americans still use the same password for multiple websites and services, leaving them vulnerable to phishing attacks. In this regard, iCloud Keychain will make our technology-driven lives a little easier. It will even generate and suggest new passwords for users, then store and use them from that point on, if preferred.

iCloud Keychain is Apple’s answer to services like LastPass or 1Password, which integrate with browsers across devices, enabling subscribers to access all their accounts once they’ve entered a master password. The main advantage over competitors’ products, of course, is that iCloud Keychain is free.

Not only is it free, it’s safe, too. To keep your most sensitive data secure, it utilizes 256-bit AES encryption, only syncs on trusted devices, and doesn’t store credit card security codes.